MediaWiki  master
ApiQueryTokens.php
Go to the documentation of this file.
1 <?php
29 
37 
38  public function execute() {
39  $params = $this->extractRequestParams();
40 
41  if ( $this->lacksSameOriginSecurity() ) {
42  $this->addWarning( [ 'apiwarn-tokens-origin' ] );
43  return;
44  }
45 
46  $user = $this->getUser();
47  $session = $this->getRequest()->getSession();
48  $salts = self::getTokenTypeSalts();
49 
50  $done = [];
51  $path = [ 'query', $this->getModuleName() ];
52  $this->getResult()->addArrayType( $path, 'assoc' );
53 
54  foreach ( $params['type'] as $type ) {
55  $token = self::getToken( $user, $session, $salts[$type] )->toString();
56  $fit = $this->getResult()->addValue( $path, $type . 'token', $token );
57 
58  if ( !$fit ) {
59  // Abuse type as a query-continue parameter and set it to all unprocessed types
60  $this->setContinueEnumParameter( 'type',
61  array_diff( $params['type'], $done ) );
62  break;
63  }
64  $done[] = $type;
65  }
66  }
67 
76  public static function getTokenTypeSalts() {
77  static $salts = null;
78  if ( !$salts ) {
79  $salts = [
80  'csrf' => '',
81  'watch' => 'watch',
82  'patrol' => 'patrol',
83  'rollback' => 'rollback',
84  'userrights' => 'userrights',
85  'login' => [ '', 'login' ],
86  'createaccount' => [ '', 'createaccount' ],
87  ];
88  $hookContainer = MediaWikiServices::getInstance()->getHookContainer();
89  $hookRunner = new ApiHookRunner( $hookContainer );
90  $hookRunner->onApiQueryTokensRegisterTypes( $salts );
91  ksort( $salts );
92  }
93 
94  return $salts;
95  }
96 
109  public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
110  if ( is_array( $salt ) ) {
111  $session->persist();
112  return $session->getToken( ...$salt );
113  } else {
114  return $user->getEditTokenObject( $salt, $session->getRequest() );
115  }
116  }
117 
118  public function getAllowedParams() {
119  return [
120  'type' => [
121  ParamValidator::PARAM_DEFAULT => 'csrf',
122  ParamValidator::PARAM_ISMULTI => true,
123  ParamValidator::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
124  ParamValidator::PARAM_ALL => true,
125  ],
126  ];
127  }
128 
129  protected function getExamplesMessages() {
130  return [
131  'action=query&meta=tokens'
132  => 'apihelp-query+tokens-example-simple',
133  'action=query&meta=tokens&type=watch|patrol'
134  => 'apihelp-query+tokens-example-types',
135  ];
136  }
137 
138  public function isReadMode() {
139  // So login tokens can be fetched on private wikis
140  return false;
141  }
142 
143  public function getHelpUrls() {
144  return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
145  }
146 }
getResult()
Get the result object.
Definition: ApiBase.php:637
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:773
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1378
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:506
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:568
This is a base class for all Query modules.
setContinueEnumParameter( $paramName, $paramValue)
Set a query-continue value.
Module to fetch tokens via action=query&meta=tokens.
static getTokenTypeSalts()
Get the salts for known token types.
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
getHelpUrls()
Return links to more detailed help pages about the module.
isReadMode()
Indicates whether this module requires read rights.
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
getExamplesMessages()
Returns usage examples for this module.
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
This class provides an implementation of the hook interfaces used by the core Action API,...
Service locator for MediaWiki core services.
The MediaWiki class is the helper class for the index.php entry point.
Definition: MediaWiki.php:43
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:71
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:2944
Service for formatting and validating API parameters.